Forgot your password?
typodupeerror
Security

+ - Stuxnet Authors Made Key Errors, Experts Say-> 1

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "There is a growing sentiment among security researchers that the programmers behind the Stuxnet attack may not have been the super-elite cadre of developers that they've been mythologized to be in the media. In fact, some experts say that Stuxnet could well have been far more effective and difficult to detect had the attackers not made a few elementary mistakes.

In a talk at the Black Hat DC conference here Tuesday, Tom Parker, a security consultant, presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups, perhaps a talented group of programmers that produced most of the code and exploits and a less sophisticated group that may have adapted the tool for its eventual use. Parker analyzed the code in Stuxnet and looked at both the quality of the code itself as well as how well it did what it was designed to do, and found several indications that the code itself is not very well done, but was still highly effective on some levels.

The mistakes weren't limited to the operational aspects of Stuxnet, either. Nate Lawson, a cryptographer and expert on the security of embedded systems, said in a blog post Monday that the Stuxnet authors were very naive in the methods they used to cloak the payload and target of the malware. Lawson said that the Stuxnet authors ignored a number of well-known techniques that could have been much more effective at hiding the worm's intentions."

Link to Original Source

Comment: Re:"Committed Suicide?" (Score 1) 538

by uninformedLuddite (#29282819) Attached to: EMC Co-Founder Committs Suicide

How about taking an overdose of some very fun drug while enjoying the company of a well-paid lady friend?

When you have great drugs the company doesn't matter at all. Nothing's better than having in-depth conversations with extremely witty and intelligent people that are all just a figment of your imagination.

Comment: Re:Incompatibility Problems (Score 2, Insightful) 233

by Ythan (#29157291) Attached to: Google Brings SVG Support To IE
Youtube doesn't support dial-up either, that doesn't mean you shouldn't.

There are plenty of free libraries you can use to retain IE6 compatibility with your website. Yes it's quirky and a pain in the ass but if you can't offer at least basic functionality for IE6 users then you're doing something wrong. The anti-IE6 movement just means that there are a lot of developers out there who are too lazy or inexperienced to deal with an older browser. They should take more pride in their work IMHO.

Comment: Re:IDM UltraEdit (Score 1) 1131

by Ythan (#26703561) Attached to: Favorite text editor?

I suspect our views about religion are very similar. The difference is that I don't ridicule people that disagree with me on the subject, unless they use their views as an excuse to belittle others.

Well I'll be sure to give you a tolerance trophy if I ever meet you. I like the guy just fine, I send him money and I use his software every day. Sorry for pointing out his eccentricities to try and make my post more interesting. Sometimes I forget that the internet is serious business.

Comment: Re:IDM UltraEdit (Score 1) 1131

by Ythan (#26690137) Attached to: Favorite text editor?

Do you declare anyone with religious beliefs contrary to your own as a "whack job"?

Generally speaking, I declare someone a "whack job" if they strongly hold any ridiculous beliefs unsubstantiated by science or reason. Religion has nothing to do with it besides being a common source of said individuals. But the purpose of my post wasn't to troll Jesus freaks, s/whack job/superstitious/ if you feel my tone was too pejorative.

Comment: Re:About to move to the Java port of Lucene... (Score 1) 47

by Ythan (#26674455) Attached to: Lucene and SOLR Get Commercial Support
As a satisfied user I just wanted to give another shoutout to Sphinx. It really is fantastic, better than Lucene if you want something lightweight and easy to configure, and the speed and relevance of search results are excellent. Commercial support is available and it's being used on Craigslist and The Pirate Bay among other notable sites. Anyone who's struggling with MySQL's anemic fulltext search would do well to give it a look.

"Only the hypocrite is really rotten to the core." -- Hannah Arendt.

Working...